One of the most underlying issue in Android Operating System, which has been found recently, but has
existed for many years, is the bug Stagefright. Being the part from Android 2.2 (Froyo), Stagefright is
actually a media playback engine that include integration with OpenMAX codecs, session management,
time-synchronized rendering, transport control, and DRM. In a gist ,a video sent via MMS (text
message) could be theoretically used as an avenue of attack through the libStageFright mechanism (thus
the “Stagefright” name), which helps Android process video files. It can be exploited with certain integer
overflow vulnerabilities, allowing remote code execution and privilege escalation.
On July 27, 2015, Joshua Drak from Zimperium Security firm, discovered this bug, stating that, even
though the ASLR (Address Space Layout Randomization) enabled system, protects user from this
issue, by randomly arranging the memory address spaces of the process, but it’s not enough for
security issue like this. As a part of Android 4.0, all active devices with Google services have
protection against a buffer overflow attack built in, so it shouldn’t be of much concern for the users.
According to the analysts, the bug has not be exploited yet, but taking into account, the extent of the
risk, Google started working out on the security patch, and is soon to release it to all Nexus phones
and tablets. Motorola and HTC are next on the list, for the updates. So, if you are an Android user,
sit back and relax, patches will soon be available for devices.
Although, it’s not necessary, but if you want to see if your phone is vulnerable to the Stagefright
exploit, these are some available apps for you:
- Lookout Mobile Stagefright Detector
- Zimperium Stagefright Detector
Comment below if you r facing any such issues!